Have you got an answer for your question???
One option is to use two security domains. One for the client and one for the EJB3 container.
The client security domain simply uses the org.jboss.security.ClientLoginModule to make the credentials available for further consumption within the EJB3 container's security domain as needed.
You mean one security domain for JBOSS remoting, one security domain for my normal EJBs, stateless ejbs for example
If you mean that, i couldn't pass my credentials to my custom security domain by using JAAS. I'm working on a remote client which uses EJBs hosted in JBOSS 7.1.1 container. I couldn't find a suitable login module, so i wrote one. For JBOSS remoting i use ApplicationRealms that is predefined in JBOSS. I use my custom login module for my ejbs. I create my credentials by using JAAS on the client. When i debug the server, my custom login module is running, however my credentials are not given to my login module. In previous releases of JBOSS there was no problem with this method. I was able to send my credentials to JBOSS by using JAAS and use these information in my custom login module.
Frank, I don't see how this would make it possible to leave EJB-1 unsecured (no authentication required) and EJB-2 secured. The use case I was trying to describe concerns remote access from a fat client.
Serkam, no I didn't solve this issue yet.
Regarding your second question: I'm not sure why you are not receiving credentials at your custom login module.
The thread I'm refering to in my original question proofed to be really helpfull for me to get my custom login module working. You might also want to have a look at: https://community.jboss.org/thread/176963
If the problem persist please open a new thread to keep this thread on one subject.
OK, Thanks Jan, it seems i will open a new issue.